CVE-2016-5262
Published Aug 5, 2016
Last updated 24 days ago
Overview
- Description
- Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAME element that lacks the sandbox="allow-scripts" attribute value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.
- Source
- security@mozilla.org
- NVD status
- Modified
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1456CC69-6E37-4C75-8D9A-172ED8A571EB",
"versionEndIncluding": "47.0.1"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:45.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4123CC23-4443-4B13-A064-04B0B04354FE"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:45.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1E084D09-97BE-43E1-94D1-05206E513B99"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:45.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "915E92FE-8049-4EA5-95B8-F3EA25F78546"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:45.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA9E7A47-5E77-4736-920A-93283E30DC7C"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E3CCD459-9E6D-4731-8054-CDF8B58454A9"
},
{
"criteria": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CC7A498A-A669-4C42-8134-86103C799D13"
},
{
"criteria": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "104DA87B-DEE4-4262-AE50-8E6BC43B228B"
}
],
"operator": "OR"
}
]
}
]